Wed May 9 20:16:40 UTC 2012patches/packages/wicd-1.7.2.4-x86_64-2_slack13.37.txz: Rebuilt. Fixed an input sanitization bug that breaks accepting a passphrase for a new password protected access point. Patch from upstream. Thanks to Willy Sudiarto Raharjo for the notice.+--------------------------+Tue May 8 21:21:10 UTC 2012patches/packages/php-5.3.13-x86_64-1_slack13.37.txz: Upgraded. This release completes a fix for a vulnerability in CGI-based setups. Note: mod_php and php-fpm are not vulnerable to this attack. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311 (* Security fix *)+--------------------------+

Wed May 23 00:14:52 UTC 2012patches/packages/libxml2-2.7.8-x86_64-4_slack13.37.txz: Upgraded. Patched an off-by-one error in XPointer that could lead to a crash or possibly the execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102 (* Security fix *)+--------------------------+

Sat Jun 16 16:19:36 UTC 2012patches/packages/mozilla-firefox-13.0.1-x86_64-1_slack13.37.txz: Upgraded. This is a bugfix release, addressing issues with recent versions of Flash, Hotmail, and rendering of Hebrew text.patches/packages/mozilla-thunderbird-13.0.1-x86_64-1_slack13.37.txz: Upgraded. This is a bugfix release, addressing issues with the new Filelink feature, and miscellaneous other stability and display updates.+--------------------------+

Mon Jun 25 02:32:37 UTC 2012patches/packages/freetype-2.4.10-x86_64-1_slack13.37.txz: Upgraded. Since freetype-2.4.8 many fixes were made to better handle invalid fonts. Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144 and SA48320) so all users should upgrade. (* Security fix *)patches/packages/seamonkey-2.10.1-x86_64-1_slack13.37.txz: Upgraded. This is a bugfix release.patches/packages/seamonkey-solibs-2.10.1-x86_64-1_slack13.37.txz: Upgraded. This is a bugfix release.+--------------------------+

Fri Jul 13 23:14:15 UTC 2012patches/packages/php-5.3.14-x86_64-1_slack13.37.txz: Upgraded. This release fixes a weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. (* Security fix *)patches/packages/pidgin-2.10.6-x86_64-1_slack13.37.txz: Upgraded. Fixes a security issue for users of MXit: Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374 (* Security fix *)+--------------------------+

Fri Jul 27 17:15:24 UTC 2012patches/packages/bind-9.7.6_P2-x86_64-1_slack13.37.txz: Upgraded. Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [RT #30025] ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [RT #29539 & #30233] Under heavy incoming TCP query loads named could experience a memory leak which could lead to significant reductions in query response or cause the server to be terminated on systems with "out of memory" killers. [RT #29539] A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [RT #29644] (* Security fix *)+--------------------------+